abdulbaki aydın

baki [at] cs [.] ucsb [.] edu

Hello, I am a PhD candidate in Computer Science department at University of California, Santa Barbara (UCSB). I am a member of Verification Lab where I am being advised by Prof. Tevfik Bultan. Before joining UCSB, I received my Bachelor degrees in Computer Engineering and Electric-Electronics Engineering (double major) from Fatih University in 2009. I spent two years in software development after my graduation.

My research interests are program analysis, automated software verification, automated testing, software security, and string analysis. I did work on analysis of web applications using automata based symbolic string execution techniques to automatically find and fix security related vulnerabilities in web applications (JS, PHP). I did work on privacy threat detection and prevention on mobile platforms using dynamic analysis techniques (Android). Recently, I have been working on two research projects: 1) ABC, Automata Based model Counter, a model-counting constraint solver. 2) PAC, PAth Complexity analyzer, provides an upper-bound for the number of paths in a program.

Other than research and development, I enjoy playing soccer, surfing (need more practice), traveling around, and exploring new places with my wife Yasemin.

Learn about my research interests

My Research Interests

to improve software dependability, software security, and developer productivity.

Automated Verification and Testing

bug discovery/fixing, test case generation, software security

Program Analysis (Static/Dynamic)

symbolic/concolic execution, complexity analysis, flow analysis

String Analysis and Constraint Solving

web application security, string constraint solving, model counting

Programming Languages and Compilers

optimizations, execution environments, domain specific languages

Publications

  • Lucas Bang, Abdulbaki Aydin, Tevfik Bultan: Automatically Computing Path Complexity of Programs.

    Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015), pages 61-72, Bergamo, Italy, Sep 02-04, 2015.

    (Online Demo )
  • Abdulbaki Aydin, Lucas Bang, Tevfik Bultan: Automata-based Model Counting for String Constraints.

    Proceedings of the 27th International Conference on Computer Aided Verification, Part 1 (CAV 2015), pages 255-272, San Francisco, California, USA, July 18-24, 2015.

    (Project Web Page)
  • Muath Alkhalaf, Abdulbaki Aydin, Tevfik Bultan: Semantic Differential Repair for Input Validation and Sanitization.

    Proceedings of the 2014 International Symposium on Software Testing and Analysis (ISSTA 2014), pages 225-236, San Jose, California, USA, July 21-25, 2014.

    (Project Web Page)
  • Abdulbaki Aydin, Muath Alkhalaf, Tevfik Bultan: Automated Test Generation from Vulnerability Signatures.

    Proceedings of the 7th International Conference on Software Testing, Verification and Validation (ICST 2014), pages 193-202, Cleveland, Ohio, USA, March 31-April 4, 2014.

Workshops

  • Abdulbaki Aydin, Muath Alkhalaf, Tevfik Bultan: Automated Test Generation from Vulnerability Signatures.

    Graduate Student Workshop (GSWC 2014), Santa Barbara, CA, USA, Oct 10, 2014. *Best paper award receiver

  • Muath Alkhalaf, Abdulbaki Aydin, Tevfik Bultan: Differential Patching of Input Validation in Web Apps.

    SoCal Programming Languages and Systems Workshop (SoCal 2013), Santa Barbara, CA, USA, May 4, 2013.

  • Abdulbaki Aydin, Muath Alkhalaf, Tevfik Bultan: Automated Test Generation from Vulnerability Signatures.

    SoCal Programming Languages and Systems Workshop (SoCal 2013), Santa Barbara, CA, USA, May 4, 2013.

Projects and Tools

ABC
Automata Based model Counter

ABC is a constraint solver and model counter for string constrainsts and linear integer arithmetic constraints. ABC has several use cases in program analysis domain (information leakage analysis, probabilistic execution). Currently it is developed as C++ shared library and executable. Source code will be available online by the end of 2015. We are currently improving ABC with additional operations and theories. Please see our CAV'15 publication for theoritical details.

PAC
PAth Complexity analyzer

PAC analyzes your code and extracts a theotical bound on worst case path complexity of your code. There is an online demo available! PAC currently supports analysis of Java programs and can be extended to any programming language. Please see our ESEC/FSE'15 publication for theoritical details. We are working on improving PAC with inter-procedural analysis.

SemRep
Semantic Differential Repair

SemRep analyzes and repairs validation and sanitization functions against each other. The tool does not need any manual specification or intervention. It takes two functions as Dependency Graphs then it looks for differences in validation and sanitization operations for string variables. If a difference is found, the tool suggests a set of three patch functions that can be used to fix the difference. Please see our ISSTA'14 publication for theoritical details.

Resume

Education
  • Ph.D. Computer Science, University of California Santa Barbara, CA, USA Aug. 2016 (expected)
    • Advanced Topics in Security (CMPSC 279)
    • Scalable Internet Services (CMPSC 290B)
    • Advanced Computer Architecture (CMPSC 254)
    • Database Systems (CMPSC 274)
    • Modern Programming Languages and Their Implementations (CMPSC 263)
    • Automated Verification (CMPSC 267)
    • Software Engineering (CMPSC 272)
    • Formal Modals for Web Software (CMPSC 290C)
  • B.S. Computer Engineering, Fatih University, Istanbul, Turkey 3.97/4.00 - July 2009
  • B.S. Electric-Electronics Engineering, Fatih University, Istanbul, Turkey (double major) - July 2009
Professional Experience
  • Research Assistant, Verification Lab., University of California Santa Barbara Sep. 2012 - Present
    I am a member of Verification Lab where I am being advised by Prof. Tevfik Bultan. My main research interests are automated verification, automated testing, and model driven development with verification in mind. My recent research focuses on analysis of web applications using automata based symbolic string execution techniques for several purposes such as security, web application dependability. Currently, I am working on differential analysis of web applications for patching validation and/or sanitization routines.
  • Research Intern, IBM T.J. Watson Research Center June 2014 - Sep 2014
    Popular mobile application platforms have limited supports for user privacy. The current permission system is not at the level of desired granularity. For example, an application can share privacy sensitive data with third parties once it has permissions to access to the data. My research at IBM aims to provide a user-friendly fine-grained permission control on privacy sensitive data usages which prevents undesired data usages. It can be summarized in three main phase: (1) identification of privacy sensitive data usages, (2) fine-grained configuration of privacy sensitive data usages via a user-friendly interface, (3) enforcement of fine-grained configurations without any degradation of application functionality.
  • Software Consultant, SecureDocs, Inc (Part-time) 2014 - 2015
    Experience: Test Driven Development, BackboneJS, Ruby on Rails
    Software development for SecureDocs and ContractWorks. SecureDocs
  • Software Engineering Intern, Appfolio, Inc June 2013 - Sep 2013
    Experience: Test Driven Development, Pair Programming, Scrum, Agile Development
    Developed new software components and made improvements for a secure virtual data room solution called SecureDocs. Used BackboneJS for client side development and Ruby on Rails for server side development.
  • Teaching Assistant, University of California Santa Barbara Fall'11, Winter'12, Spring'12, Winter'13
    • Data Structures and Algorithms (CMPSC 130A)
    • Translation of Programming Languages (CMPSC 160)*
    • Introduction to Cryptography (CMPSC 178)
    • * Outstanding Teaching Assistant award received
  • Software Developer, Hewlett-Packard July 2009 - August 2011
    Developed several software components using various programming languages and technologies. (ActionScript, PHP, C#, Java, XSLT, Web Services...)
Honors & Awards
  • Best Paper Award, Graduate Student Workshop (GSWC 2014) 2014, USA
  • Outstanding Teaching Assistant, University of California Santa Barbara Winter 2013, USA
  • High Honor, Fatih University 2004 - 2009, Turkey
  • First Double Major Graduate (Electric-Electronics Engineering), Fatih University July 2009, Turkey
  • Ranked in first 100 among 1.5 million students in the National University Entrance Exam 2006, Turkey
  • Ranked as 253rd among 1.5 million students in the National University Entrance Exam 2004, Turkey
Computer Skills
  • C, C++, Java, PHP, JavaScript, Ruby, Python
  • MVC frameworks; Backbone, Ruby on Rails
  • XML, HTML, CSS, XSLT, SQL
  • Linux, Windows
  • Knowledge on program analysis tools, verification tools and languages
Language Skills
  • Turkish - Mother tongue
  • English - Advanced
  • Spanish - Basic


Personal Skills
  • Self-motivated and have self-learning skills
  • Ability to work in a fast paced and dynamic environment
  • Passion to continuously learn and improve
Interests
  • Playing soccer, Surfing, Ping-pong
  • Travelling, Nature
  • Reading history and biography
* References available upon request

baki [at] cs [.] ucsb [.] edu